Research Article
ROBAC: Scalable Role and Organization Based Access Control Models
@INPROCEEDINGS{10.1109/COLCOM.2006.361879, author={Zhixiong Zhang and Xinwen Zhang and Ravi Sandhu}, title={ROBAC: Scalable Role and Organization Based Access Control Models}, proceedings={1st International ICST Workshop on Trusted Collaboration}, publisher={IEEE}, proceedings_a={TRUSTCOL}, year={2007}, month={5}, keywords={access control RBAC role and organization based access control ROBAC}, doi={10.1109/COLCOM.2006.361879} }- Zhixiong Zhang
Xinwen Zhang
Ravi Sandhu
Year: 2007
ROBAC: Scalable Role and Organization Based Access Control Models
TRUSTCOL
IEEE
DOI: 10.1109/COLCOM.2006.361879
Abstract
In RBAC, roles are typically created based on job functions inside an organization. Traditional RBAC does not scale up well for modeling security policies spanning multiple organizations. To solve this problem, a family of extended RBAC models called role and organization based access control (ROBAC) models is proposed and formalized in this paper. Two examples are used to motivate and demonstrate the usefulness of ROBAC. Comparison between ROBAC and other related RBAC models is given. We show that ROBAC can significantly reduce administration complexity for Web and Internet-based applications involving a large number of organizations. Some administrative issues for ROBAC are identified and discussed. Although the theoretical-expressive power of ROBAC is the same as that of RBAC, it is more succinct and intuitive to use ROBAC than to use RBAC when applications involve many organizations.